On Thu, 2019-08-15 at 09:50 -0400, Gerald Henriksen wrote: > On Wed, 14 Aug 2019 11:23:53 -0500, you wrote: > > > So in summary, I guess I mostly support allowing packages which can't be > > rebuilt to stay in the distribution as long as they actually work and > > aren't causing maintenance burden elsewhere > > On the other hand, unbuildable packages could be viewed as a security > risk. > > If you can't just fix the security issue and rebuild, but instead have > to also fix the issue(s) that prevent the package from rebuilding this > could cause delays in getting a security update out. Not to mention packages with compiled code not picking up all the hardening flags introduced since they have last been build - that could be a security issue by itself. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
